cypherpunks-legacy
July 2018
- 1371 participants
- 9656 discussions
> Quoting from the New York Times:
>
> David Lammy, Britain's intellectual property minister, also called
> for a suspension of Blackberry's encrypted instant message service.
> Many rioters, exploiting that service, had been able to organize mobs
> and outrun the police, who were ill-equipped to monitor it.
IIRC this came up last year when a Middle Eastern country (I forget
which) were threatening to not let RIM operate unless they could
intercept blackberry messages.
However, as was pointed out then, apparently the encryption is to &
from RIM's servers, not the recipient. So RIM have access to all the
'secret' messages. I expect GCHQ & the Met will make sure said
systems are patched in to their surveillance programme in no time.
Unfortunately the present climate in England is such that I can't
imagine such measures being anything but lauded.
_______________________________________________
The cryptography mailing list
cryptography(a)metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
*Imagine if these wretches had the even more common name "Geert Lovink."
Really, one shudders to think -- bruces
If your name is David Nelson you can expect to be hassled, delayed,
questioned and searched before being allowed to board aircraft anywhere
in the United States for the foreseeable future.
Since the horrific attacks on Sept. 11, 2001, the federal Transportation
Security Administration has, without any public announcement, created a
two-tiered list of names "to protect our aviation system," says Nico
Melendez, the agency spokesman for the West Coast, who is based in Los
Angeles.
The name David Nelson apparently is on one of those lists.
"There is a 'no-fly' list," he says. "That's people who cannot fly,
period," because they've been determined to be or are suspected of
being "a threat to civil aviation or to national security."
Details about the list are "considered sensitive security information
and cannot be released to the public," Nico says, but the Wall Street
Journal suggests there are about 300 names on the "no-fly" list.
There's another list that Nico calls the "selectees list." Might as well
call them "suspectees." This is a much larger list of names,
accumulated, Nico says, from information obtained from intelligence
agencies and the airlines. These folks may be allowed to fly but only
after they're intensely scrutinized by airline, law enforcement and
security personnel.
People whose names are on the two lists undergo what is not a routine
security screening, in which you're asked to remove your shoes or empty
your pockets. This week 18 men named David Nelson, all residents of
Oregon, confirmed they have been repeatedly delayed at airport counters
and security checkpoints in the last year or so.
Take the February experience of Dave Nelson of Salem, a lobbyist whose
largest client is the Oregon Seed Council. Dave often travels for
business, sometimes accompanying the governor on trade missions. "We
were on our way to a trade show in Atlanta," Dave says, "trying to use
the auto-check-in for baggage. We punched in our information, and the
computer wouldn't accept it."
Dave and his wife, Leah, stood in line until an agent was available at
the Delta counter. "We gave him our info, and he kept punching on his
computer for about 10 or 15 minutes. . . . Then he says, 'I have to go
in the back room.' He took off, and we stood there another 10 minutes. I
asked another clerk to find out where he'd gone."
After more waiting, they were told a supervisor was being sought.
"Nobody would tell us what was going on," Dave says. "It's been 30 or 35
minutes by now. Finally the guy came out and said, 'You'll have to talk
to the cop behind you.' We turned around, and there's a security guy."
Dave says the officer told him there was a list of suspicious people,
"and you're on the list."
Dave was asked for I.D. and turned over his driver's license. "They
called downtown and ran a criminal check, and I was clean. Then the
counter clerk had to call national Delta and get permission for me to go
on the airplane. We were now pretty close to takeoff time." Dave and his
wife were issued tickets, but again at the gate Dave was thoroughly
frisked, searched and identified.
At the airport in Atlanta on the way back, the same thing happened. "The
woman punched in my name and said, 'Oh, no, Mr. Nelson . . .' "
One after another, local David Nelsons tell the same story: At airports
their bags are put through bomb detectors; they are delayed, searched,
questioned.
David Nelson of Gresham says he was searched and screened three times at
the Portland airport, then again at the gates of Dallas and Atlanta
airports before arriving in Savannah, Ga., last month. "It's as if they
think you've been transformed into a terrorist en route. You'd think one
screening was enough, when you haven't left a secure area the entire
trip."
"What really concerned me," says David Nelson of Northwest Portland, who
recently was delayed trying to fly to Juneau, Alaska, to take care of
his mother, "was even when they determined I wasn't the one on the list,
it's like I had a label on my forehead that says, 'One must frisk this
person at every opportunity and go through his luggage.' It's as if I
were a pariah." David had no idea why he was being singled out; no one
mentioned a list. "My son is a pilot for Continental; I thought maybe
that had something to do with it."
Oregon state Sen. David Nelson, from Pendleton, also had no idea why he
was being delayed at airports. "Then we flew into the Medford airport on
Horizon, and one of the agents said, 'Your name is on the list. You're
going to be checked every place you go.' That was a shock."
As David Nelsons all over the country have learned, once your name is on
the list, there's no way you can get it removed. Every time you go to an
airport, you're assumed to be guilty until you can prove yourself
innocent.
Dave Nelson, the Salem lobbyist, spent a lot of time making phone calls
after his trip to Atlanta, trying to learn how he could avoid the
security hassles. "I thought I'd seen something on the news that you
could get a pre-clearance, a photo I.D. We called the Port, and they
knew nothing. I called the FBI and went up the ranks, and there's
nothing like that. You're just stuck. I said, 'What if I used my full
name, or just an initial?' They said, 'None of that would make a
difference. You're on the list.' "
Somewhere in the world there's an actual terrorist suspect named David
Nelson who started all this mess. Several David Nelsons have been told
by security or airline personnel that he's from Nashville.
But they're looking for him everywhere. Portland radiologist David
Nelson "never could figure out why I was constantly getting flagged. Our
bags would always come back with tape around them, saying they had been
searched." His son and namesake, David Wesley Nelson, who's 27, thought
he was always stopped "because of my age." When he flew to Los Angeles
recently, "they gave me a big hassle because I didn't have a passport. I
said, 'I don't normally carry a passport when traveling within the U.S.'"
Every single David Nelson interviewed understood the need for greater
security in a post Sept. 11 world. They realize there are trade-offs
between liberty and security. But in today's world of high-tech
wizardry, it's hard to believe the Transportation Security
Administration can't come up with a computer software program that would
create a "free-to-fly" list of people whose I.D. has been checked and
whose innocence already has been verified.
The problem is not the "no-fly" list or the "selectees" list. The
problem is, once you're on the lists, you can't get off. It's one thing
to know you have to get to the airport three or four hours before every
flight; the David Nelsons might accept that as a sign of the times. But
how would you feel, knowing your name was on a government terrorist
watch list?
Linda Nelson of Tigard says her husband, David Nelson, has been hassled
in airports. "You're treated as a second-class citizen in your own
country," she says.
David Nelson is a common name. "My dentist has a couple of them in his
practice," says David Nelson of Aloha, "and my boss is actually named
David Nelson. He's had the same thing happen to him."
Nico Melendez of the Transportation Security Administration will not
confirm that the name David Nelson is on the "no-fly" or "selectees"
list. But he does say that people who want to see if their name is on
either list or who want to make a complaint, can call the agency's
contact center at 866-289-9673 or send an e-mail to TellTSA(a)tsa.dot.gov.
But if your name is David Nelson, chances are you won't breeze through
any airports in the near future. Even if you're a celebrity.
Remember Ozzie and Harriet's son, David Nelson? "I got stopped at the
John Wayne Airport" in Orange County, Calif., he said by phone from Los
Angeles this week. "Two police officers knew who I was and tried to
explain to the guy behind the security desk. It didn't faze him at all."
Even as another officer was saying he had once met David's mother,
Harriet, David was being instructed to remove his shoes, he says. "I
asked, 'Does the guy on the list have a middle name of Ozzie?' He said,
'It just says David Nelson.' "
http://www.oregonlive.com/news/oregonian/margie_boule/index.ssf?/base/livin…
I work in downtown DC (a few blocks from the White House) and this
morning saw a plain white blimp over Farragut Park. This thing has
no insignia, no numbers, no markings at all and it spent all day
circling the city.
CNN, and numerous other sources explain this is an Army surveillance
blimp. Aside from posse comitatus, this is simply immoral. I for
one welcome our new art deco overlords.
Here's the CNN story:
http://edition.cnn.com/2004/US/09/29/security.blimp.ap/
Security blimp tested in Washington skies
WASHINGTON (AP) -- Here's a head-turner for a security-nervous city:
A large white object was spotted in the skies above the nation's
capital in the pre-dawn hours Wednesday.
Pentagon police said the Defense Department is testing a security
blimp -- fully equipped with surveillance cameras. The white blimp
was spotted early Wednesday morning hovering at various times over
the Pentagon and the U.S. Capitol.
The 178-foot-long device, which is expected to remain in the skies
until Thursday, is conducting a mission for the Defense Department.
Authorities say the airship is equipped with infrared cameras
designed to provide real-time images to military commanders on the
ground. The equipment on the blimp already is being used to protect
troops in Afghanistan and Iraq.
The Army says the device will make at least one 24-hour flight in
the District of Columbia area. It has been in the region since last
week, and is also being used for test runs over the U.S. Marine
Corps Base in nearby Quantico, Virginia, and the Chesapeake Bay.
--
James P. Howard, II -- howardjp(a)vocito.com
http://www.jameshoward.us/ -- 202-390-4933
Archives at: http://www.interesting-people.org/archives/interesting-people/
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
[liberationtech] The Tor Project is looking for a Project Coordinator
by Roger Dingledine 06 Jul '18
We have funding for a full-time person. Please spread the word!
A project coordinator is the person who brings order to chaos. You will
coordinate and help track deliverables, progress, and metrics of current
projects. You will also help plan future projects through proposals.
Your impact will involve:
* Deriving deliverables, deadlines, and milestones for each active contract.
* Developing timelines and schedules for completion of milestones and
deliverables for each active, and occasionally proposed, contract.
* Collecting ideas and potential deliverables for the future.
* Raising concerns, timeline slips, and probability of missed deadlines
to management.
* Helping with managing people's schedules, work load, and keeping
various people or teams in communication with one another.
* Tracking deliverable completion.
* Developing and maintaining metrics about project completion rate
and other measures as based on evidence-based project management or
something similar.
* Helping contractors develop their contract deliverables for six month
periods based on expected workload.
* Maintaining project status pages on trac (or whatever system we have)
with deliverables, tickets, and monthly summaries of progress.
* Helping to write the monthly progress reports required for contracts.
See the job posting for information on how to apply and what you need
to send in with your application:
https://www.torproject.org/about/jobs-projectcoordinator.html.en
Thanks,
--Roger
--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Hi Catherine,
On 04/19/2012 03:16 PM, Catherine Fitzpatrick wrote:
> Jacob Appelbaum's agenda doesn't seem to be entirely altruistic here
> with this Ultrasurf report.
>
Where did I claim altruism? I am auditing tools that claim to be
perfectly anonymous because it benefits everyone to have honesty and
truth in advertisement for our community of tools.
I did however invest, as Ultrasurf acknowledged, a great deal of time in
disclosure to Ultrasurf. I also invested a great deal of time in making
positive suggestions, which were largely accepted by UltraReach. I hope
you'll note that the language on their website is drastically different
today if you compare it to the text on their website from a year ago.
Honesty in advertisement is important information that helps users to
make an informed decision and to ensure that Government funded projects
are at least attempting to be honest in how they sell themselves to their users.
> There's a lot going on -- first, there's the desire of him (and his
> supporters) to attack the US government and "DC Lobbyists" merely for
> what they are, which is a hated government with a disliked Internet
> Freedom program, which has put him under investigation for his
> involvement in WikiLeaks (his buddies at the State Department
> notwithstanding).
This is nonsense. Not only do you have it all wrong, you're actually
just out of your depth. It shows.
I am not attacking the US government. To be quite honest, I gave this
report to those around DC that asked - this includes people at State,
BBG and of course, Ultrasurf - well before the report was released to
the public. I did this to ensure that we could broker a discussion with
Ultrasurf to ensure that Ultrasurf felt we were coordinating and being
responsible.
I did not give this to the Chinese or Iranian or Syrian governments nor
any of their agents or anyone that I felt would do Ultrasurf harm or
attempt to attack their users.
I actually rather like the Internet Freedom program, it's not perfect
but it's pretty good! So again - you think you know what I think but
you're mistaken.
> Second, there's the desire to attack any competitor
> of Tor, especially a competitor that adheres to the idea of
> proprietary versus open source software. These are religious
> matters.
Surely you don't suggest that for proprietary or open tools it is
reasonable to never have a third party security audit?
There is no competitor to the Tor Project in the field of online
anonymity. There are charlatans who claim to be perfectly anonymous and
untraceable - as we see with Ultrasurf - they do not live up to their
advertised claims. You conflate Free and Open source software with peer
review, which is understandable but a very serious mistake to make.
If you suggest that peer review is a religious matter, I think you're
making an even bigger mistake. Do you realize that there has been *no*
peer review - even by funders of the tool? None. Zero. This is changing
now and that is because of my peer review of their claims. I have even
offered to help them and have given them a large amount of time in the
last six months because I want them to improve.
The fact that they are closed source presents them with a serious
problem and I'd love to hear your suggestions for a solution with it. It
appears that some governments, such as Syria and likely China release
backdoored versions of software. I have some samples of a common tool
which appear to have such a backdoor. AV software sometimes
automatically classifies Ultrasurf as malware. This is usually a
mistake. However - what happens when it actually includes malware *and*
it actually has something wrong with it? Say because it has been
tampered with in transit or an attacker, such as the Chinese, compromises
the download servers?
One solution is to offer source code and for trusted users in a
community to review them, and to ensure that any changes make sense or
fit with the established norms of the system. It's also possible to look
at copies of the program in every linux distribution, every released
copy on software mirrors and other places to compare with the expected
result.
Another solution is to offer digital signatures - this is something that
is now happening because of my report. The downside is that China and
the Stuxnet authors both clearly have the ability to falsify the
selected digital signature method selected by Ultrasurf.
So - again, we see no peer review and no safe method of verification.
I'd love to see you solve those problems and while Open and Free
software doesn't solve it all, I think it gets us a lot closer.
So do please offer suggestions and try not to punt.
>
> In other words, when a person who runs a competing open-source
> software solution, who has his reputation largely wrapped in it, goes
> and publicly attacks a proprietary software solution as inferior and
> even harmful, and attacks a software used by a government that has
> him under investigation, it's ok to question where he is going with
> this.
>
The facts stand for themselves. You're unable to evaluate those facts
and as a result, you simply, as usual, attack me. I mean, you're
welcome, I think the solution to "bad" speech is more speech.
> There is the added dimension of the pornography issue -- Appelbaum's
> slam on Ultrasurf for blocking porn distracts from the fact that Tor
> is notoriously used for viewing pornography, including illegal child
> pornography.
Do you have proof that Ultrasurf blocks Child Porn Catherine? I suspect
the answer is no - which well, I think that's because the answer is no.
The fact of the matter is that they block access to legal US
enterprises. I think that government funded services have a duty of care
not to restrict access to legal US businesses - this is why I am against
Amtrak censoring the internet - don't censor with public money.
In any case - just to settle this issue - members of police forces
around the world use Tor, as does the Internet Watch Foundation, to hunt
for Child Porn - they need anonymity, so that they can find the bad guys.
Do you have another suggestion for an anonymity solution that is good
enough for the Internet Watch Foundation to catch sexual predators? I
bet they'd love to hear it and most of all, I'm certain this list would
be interested in such a solution.
Frankly, I think that the good outweighs the bad in this case and I'd
encourage you to admit that you don't actually know the whole story.
> And there's the fact that Appelbaum has published his
> critique just as yet another criminal case involving the use of Tor
> for illegal drug sales is being publicized:
>
> http://www.justice.gov/usao/cac/Pressroom/2012/045.html
I had no knowledge of this press release from the Justice department nor
would anyone else, I imagine. It's pretty ridiculous to suggest that I
timed the release of my report in response to that DoJ press release.
When I met them in December, we agreed upon a ninety day time frame for
release of the report. The report was originally scheduled for release a
month ago but Ultrasurf asked for more time. I planned the release for
Monday the 16th of April as a firm deadline and they were well aware of
it before publication.
>
> There is no reason to take his concerns public, as the notion that
> "users need to be warned" isn't sufficient, as most users couldn't
> read a blog in English anyway, and most users don't care about
> anonymity, which they lost to their ISP anyway. They care about
> trying to access blocked sites, and perfection in this effort isn't
> required.
I disagree with you very strongly and many others in the computer
security field, as well as other fields, believe that sunlight is a good
way to solve problems.
This report, as I understand it, has been or will be translated into other
languages for the benefit of non-English speaking users.
I think you may be right about "most users don't care about anonymity"
but I'd like you to tell us all - if you claim as a human rights worker
that you won't disclose a report but you actually do disclose it against
their wishes - have you done something wrong? Is honesty in
advertisement important? I think it is very important and as long as
they claim to be anonymous and an anonymity service, I'd ask you to
consider what you're claiming to be irrelevant. The issue is that they
_claim_ to be an anonymity service - it has nothing to do with your
projections of a user, which are speculative at best.
>
> So this report seems a hostile, politically-motivated attack on his
> part.
>
Only if you disregard the fact that I have worked closely with them
until I felt they were stalling me and not fixing issues that needed to
be fixed. They sure are working hard to fix those issues now - after
nearly four months of dragging their feet - I think that's a good thing.
> What's important in the fight for Internet freedom are the following
> principles of non-coercion:
>
> o no one should be forced or brow-beaten into using open-source
> software; proprietary software is ok to use. If your opensource
> software is demonstrably better, it will sell itself without you
> having to artificially level the playing field with constant
> ideological attacks
We disagree about Free Software in this field and that is OK. In the
area of anonymity and security, I think that we must have tools that
regardless of their license, are open for review and verification. That
is why Free and Open source software is on the table. It makes it easier
and frankly, possible, to review claims.
I'm not forcing or brow-beating anyone. I presented a paper with some
serious concerns, I worked with Ultrasurf to correct a number of the
most serious, and I have encouraged further third party review to
improve their system.
If that's brow-beating - what is your email where you directly attack
me? It seems a bit duplicitous at the very least and it reeks of
political attacks against me for my associations that you despise.
>
> o no one who produces proprietary software solutions should be
> bullied into having to discuss their flaws openly or be forcibly
> outed as to their flaws;
You keep saying that I'm a bully but you fail to acknowledge that I
worked with Ultrasurf, flying to another state to meet with them,
disclosing the report to them privately and so on.
There was no bullying.
> it merely helps give ideas to authoritarian
> governments and doesn't really help users.
>
Do you have evidence for your assertion here? I'm guessing "no" but I'd
like to know. Yes? No?
> o if you don't like proprietary software, you don't have to wage a
> jihad against it, you can make your own opensource software that is
> supposedly better
>
It's not hard to do that and many people have done so.
> o pluralism is the best defense against authoritarianism, not
> everyone being forced to go to "the best" circumvention tool or "the
> ISP that secures your privacy". It's precisely when the market is
> open with a variety of options that authoritarian is undermined
>
It's nice that we actually, for once, agree. Pluralism in design choices
is absolutely required. It is an example of how a free market may work
in a practical sense and I support that concept entirely.
Security researchers who test claims are serving as a correction to
overvalued ideas or solutions in the market.
> o software does not have to be perfect to largely achieve its goal --
> 1/99 binary thinking is a killer of freedom
There is no perfect software but there are those who claim perfection
without acknowledging their imperfections. That is a real problem.
>
> o people have the right to be wrong about software -- an open society
> requires that right to be wrong and to float contrary hypotheses even
> if they are incorrect, politically or otherwise
>
I agree. I also have the right to show the world that there is something
wrong with that very software.
> o you don't have to be technically capable to criticize software that
> profoundly influences all of us as we increasingly move our lives on
> line.
>
You're right - you don't have to be literate in a field of specific
interest to criticize it. However, it sure would help if you
acknowledged that Ultrasurf's designated enemy is however quite literate
on the subject matter.
Today someone pointed me at this report authored by an academic in China:
https://www.scribd.com/doc/90338145/UltraSurf-analysis-by-Zhang-Lei-in-Chin…
> My thoughts:
>
>
> http://3dblogger.typepad.com/wired_state/2012/04/jacob-appelbaums-obfuscati…
>
Thanks for your thoughts - I hope you'll address each of my points and
try to be constructive.
It's been a pleasure,
Jacob
_______________________________________________
liberationtech mailing list
liberationtech(a)lists.stanford.edu
Should you need to change your subscription options, please go to:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Should you need immediate assistance, please contact the list moderator.
Please don't forget to follow us on http://twitter.com/#!/Liberationtech
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Hi Catherine,
On 04/19/2012 03:16 PM, Catherine Fitzpatrick wrote:
> Jacob Appelbaum's agenda doesn't seem to be entirely altruistic here
> with this Ultrasurf report.
>
Where did I claim altruism? I am auditing tools that claim to be
perfectly anonymous because it benefits everyone to have honesty and
truth in advertisement for our community of tools.
I did however invest, as Ultrasurf acknowledged, a great deal of time in
disclosure to Ultrasurf. I also invested a great deal of time in making
positive suggestions, which were largely accepted by UltraReach. I hope
you'll note that the language on their website is drastically different
today if you compare it to the text on their website from a year ago.
Honesty in advertisement is important information that helps users to
make an informed decision and to ensure that Government funded projects
are at least attempting to be honest in how they sell themselves to their users.
> There's a lot going on -- first, there's the desire of him (and his
> supporters) to attack the US government and "DC Lobbyists" merely for
> what they are, which is a hated government with a disliked Internet
> Freedom program, which has put him under investigation for his
> involvement in WikiLeaks (his buddies at the State Department
> notwithstanding).
This is nonsense. Not only do you have it all wrong, you're actually
just out of your depth. It shows.
I am not attacking the US government. To be quite honest, I gave this
report to those around DC that asked - this includes people at State,
BBG and of course, Ultrasurf - well before the report was released to
the public. I did this to ensure that we could broker a discussion with
Ultrasurf to ensure that Ultrasurf felt we were coordinating and being
responsible.
I did not give this to the Chinese or Iranian or Syrian governments nor
any of their agents or anyone that I felt would do Ultrasurf harm or
attempt to attack their users.
I actually rather like the Internet Freedom program, it's not perfect
but it's pretty good! So again - you think you know what I think but
you're mistaken.
> Second, there's the desire to attack any competitor
> of Tor, especially a competitor that adheres to the idea of
> proprietary versus open source software. These are religious
> matters.
Surely you don't suggest that for proprietary or open tools it is
reasonable to never have a third party security audit?
There is no competitor to the Tor Project in the field of online
anonymity. There are charlatans who claim to be perfectly anonymous and
untraceable - as we see with Ultrasurf - they do not live up to their
advertised claims. You conflate Free and Open source software with peer
review, which is understandable but a very serious mistake to make.
If you suggest that peer review is a religious matter, I think you're
making an even bigger mistake. Do you realize that there has been *no*
peer review - even by funders of the tool? None. Zero. This is changing
now and that is because of my peer review of their claims. I have even
offered to help them and have given them a large amount of time in the
last six months because I want them to improve.
The fact that they are closed source presents them with a serious
problem and I'd love to hear your suggestions for a solution with it. It
appears that some governments, such as Syria and likely China release
backdoored versions of software. I have some samples of a common tool
which appear to have such a backdoor. AV software sometimes
automatically classifies Ultrasurf as malware. This is usually a
mistake. However - what happens when it actually includes malware *and*
it actually has something wrong with it? Say because it has been
tampered with in transit or an attacker, such as the Chinese, compromises
the download servers?
One solution is to offer source code and for trusted users in a
community to review them, and to ensure that any changes make sense or
fit with the established norms of the system. It's also possible to look
at copies of the program in every linux distribution, every released
copy on software mirrors and other places to compare with the expected
result.
Another solution is to offer digital signatures - this is something that
is now happening because of my report. The downside is that China and
the Stuxnet authors both clearly have the ability to falsify the
digital signature method selected by Ultrasurf.
So - again, we see no peer review and no safe method of verification.
I'd love to see you solve those problems and while Open and Free
software doesn't solve it all, I think it gets us a lot closer.
So do please offer suggestions and try not to punt.
>
> In other words, when a person who runs a competing open-source
> software solution, who has his reputation largely wrapped in it, goes
> and publicly attacks a proprietary software solution as inferior and
> even harmful, and attacks a software used by a government that has
> him under investigation, it's ok to question where he is going with
> this.
>
The facts stand for themselves. You're unable to evaluate those facts
and as a result, you simply, as usual, attack me. I mean, you're
welcome, I think the solution to "bad" speech is more speech.
> There is the added dimension of the pornography issue -- Appelbaum's
> slam on Ultrasurf for blocking porn distracts from the fact that Tor
> is notoriously used for viewing pornography, including illegal child
> pornography.
Do you have proof that Ultrasurf blocks Child Porn, Catherine? I suspect
the answer is no - which well, I think that's because the answer is no.
The fact of the matter is that they block access to legal US
enterprises. I think that government funded services have a duty of care
not to restrict access to legal US businesses - this is why I am against
Amtrak censoring the internet - don't censor with public money.
In any case - just to settle this issue - members of police forces
around the world use Tor, as does the Internet Watch Foundation, to hunt
for Child Porn - they need anonymity, so that they can find the bad guys.
Do you have another suggestion for an anonymity solution that is good
enough for the Internet Watch Foundation to catch sexual predators? I
bet they'd love to hear it and most of all, I'm certain this list would
be interested in such a solution.
Frankly, I think that the good outweighs the bad in this case and I'd
encourage you to admit that you don't actually know the whole story.
> And there's the fact that Appelbaum has published his
> critique just as yet another criminal case involving the use of Tor
> for illegal drug sales is being publicized:
>
> http://www.justice.gov/usao/cac/Pressroom/2012/045.html
I had no knowledge of this press release from the Justice department nor
would anyone else, I imagine. It's pretty ridiculous to suggest that I
timed the release of my report in response to that DoJ press release.
When I met them in December, we agreed upon a ninety day time frame for
release of the report. The report was originally scheduled for release a
month ago but Ultrasurf asked for more time. I planned the release for
Monday the 16th of April as a firm deadline and they were well aware of
it before publication.
>
> There is no reason to take his concerns public, as the notion that
> "users need to be warned" isn't sufficient, as most users couldn't
> read a blog in English anyway, and most users don't care about
> anonymity, which they lost to their ISP anyway. They care about
> trying to access blocked sites, and perfection in this effort isn't
> required.
I disagree with you very strongly and many others in the computer
security field, as well as other fields, believe that sunlight is a good
way to solve problems.
This report, as I understand it, has been or will be translated into other
languages for the benefit of non-English speaking users.
I think you may be right about "most users don't care about anonymity"
but I'd like you to tell us all - if you claim as a human rights worker
that you won't disclose a report but you actually do disclose it against
their wishes - have you done something wrong? Is honesty in
advertisement important? I think it is very important and as long as
they claim to be anonymous and an anonymity service, I'd ask you to
consider what you're claiming to be irrelevant. The issue is that they
_claim_ to be an anonymity service - it has nothing to do with your
projections of a user, which are speculative at best.
>
> So this report seems a hostile, politically-motivated attack on his
> part.
>
Only if you disregard the fact that I have worked closely with them
until I felt they were stalling me and not fixing issues that needed to
be fixed. They sure are working hard to fix those issues now - after
nearly four months of dragging their feet - I think that's a good thing.
> What's important in the fight for Internet freedom are the following
> principles of non-coercion:
>
> o no one should be forced or brow-beaten into using open-source
> software; proprietary software is ok to use. If your opensource
> software is demonstrably better, it will sell itself without you
> having to artificially level the playing field with constant
> ideological attacks
We disagree about Free Software in this field and that is OK. In the
area of anonymity and security, I think that we must have tools that
regardless of their license, are open for review and verification. That
is why Free and Open source software is on the table. It makes it easier
and frankly, possible, to review claims.
I'm not forcing or brow-beating anyone. I presented a paper with some
serious concerns, I worked with Ultrasurf to correct a number of the
most serious, and I have encouraged further third party review to
improve their system.
If that's brow-beating - what is your email where you directly attack
me? It seems a bit duplicitous at the very least and it reeks of
political attacks against me for my associations that you despise.
>
> o no one who produces proprietary software solutions should be
> bullied into having to discuss their flaws openly or be forcibly
> outed as to their flaws;
You keep saying that I'm a bully but you fail to acknowledge that I
worked with Ultrasurf, flying to another state to meet with them,
disclosing the report to them privately and so on.
There was no bullying.
> it merely helps give ideas to authoritarian
> governments and doesn't really help users.
>
Do you have evidence for your assertion here? I'm guessing "no" but I'd
like to know. Yes? No?
> o if you don't like proprietary software, you don't have to wage a
> jihad against it, you can make your own opensource software that is
> supposedly better
>
It's not hard to do that and many people have done so.
> o pluralism is the best defense against authoritarianism, not
> everyone being forced to go to "the best" circumvention tool or "the
> ISP that secures your privacy". It's precisely when the market is
> open with a variety of options that authoritarian is undermined
>
It's nice that we actually, for once, agree. Pluralism in design choices
is absolutely required. It is an example of how a free market may work
in a practical sense and I support that concept entirely.
Security researchers who test claims are serving as a correction to
overvalued ideas or solutions in the market.
> o software does not have to be perfect to largely achieve its goal --
> 1/99 binary thinking is a killer of freedom
There is no perfect software but there are those who claim perfection
without acknowledging their imperfections. That is a real problem.
>
> o people have the right to be wrong about software -- an open society
> requires that right to be wrong and to float contrary hypotheses even
> if they are incorrect, politically or otherwise
>
I agree. I also have the right to show the world that there is something
wrong with that very software.
> o you don't have to be technically capable to criticize software that
> profoundly influences all of us as we increasingly move our lives on
> line.
>
You're right - you don't have to be literate in a field of specific
interest to criticize it. However, it sure would help if you
acknowledged that Ultrasurf's designated enemy is however quite literate
on the subject matter.
Today someone pointed me at this report authored by an academic in China:
https://www.scribd.com/doc/90338145/UltraSurf-analysis-by-Zhang-Lei-in-Chin…
> My thoughts:
>
>
> http://3dblogger.typepad.com/wired_state/2012/04/jacob-appelbaums-obfuscati…
>
Thanks for your thoughts - I hope you'll address each of my points and
try to be constructive.
It's been a pleasure,
Jacob
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
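The mirror comparison described in the message above (checking every released copy against the expected result), as an added example that is not part of the original message and not code from Ultrasurf or the Tor Project. The function name, the mirror hostnames and the sample bytes are constructed for illustration.

```python
from __future__ import annotations

import hashlib
from collections import Counter
from dataclasses import dataclass, field


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of one downloaded copy."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class Verdict:
    status: str              # "match" | "mismatch" | "consensus" | "no-quorum"
    reference: str | None    # digest the copies were judged against, if any
    divergent: list[str] = field(default_factory=list)  # sources that disagree


def compare_copies(copies: dict[str, bytes], expected: str | None = None,
                   quorum: float = 2 / 3) -> Verdict:
    """Compare copies of one release obtained from several sources.

    With `expected` (a digest published out of band), every copy is judged
    against it. Without it, the copies are judged against each other, and a
    result is only reported when at least `quorum` of the sources agree.
    Agreement between mirrors is only meaningful when the mirrors are
    independent: a compromised origin server poisons all of them at once.
    """
    if not copies:
        raise ValueError("no copies to compare")
    digests = {src: sha256_hex(blob) for src, blob in copies.items()}

    if expected is not None:
        reference = expected.strip().lower()
        divergent = sorted(s for s, d in digests.items() if d != reference)
        return Verdict("mismatch" if divergent else "match", reference, divergent)

    top, votes = Counter(digests.values()).most_common(1)[0]
    if len(digests) < 2 or votes / len(digests) < quorum:
        # Too little agreement to call any copy "the" release.
        return Verdict("no-quorum", None, sorted(digests))
    divergent = sorted(s for s, d in digests.items() if d != top)
    return Verdict("consensus", top, divergent)


# Constructed sample input: three identical copies and one altered copy.
RELEASE = b"constructed release bytes, version 1.0\n"
TAMPERED = RELEASE + b"bytes appended somewhere between publisher and user"
SAMPLE_COPIES = {
    "mirror-a.example": RELEASE,
    "mirror-b.example": RELEASE,
    "distro-package.example": RELEASE,
    "mirror-c.example": TAMPERED,
}

if __name__ == "__main__":
    for label, verdict in (
        ("against published digest",
         compare_copies(SAMPLE_COPIES, expected=sha256_hex(RELEASE))),
        ("mirrors against each other", compare_copies(SAMPLE_COPIES)),
    ):
        print(f"{label}: {verdict.status}, divergent={verdict.divergent}")
```

A "no-quorum" or "mismatch" result means the copy should not be run until the difference is explained; it does not by itself say which copy is the altered one.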
======================================================================
EDRi-gram
biweekly newsletter about digital civil rights in Europe
Number 11.3, 13 February 2013
=======================================================================
Contents
=======================================================================
1. Copyright: challenges of the digital era
2. Most Internet users would use DNT settings if easily available
3. US privacy groups believe US officials lobby to weaken EU privacy
4. Dutch government maintains private copying-exception for downloading
5. Denmark: Government postpones the data retention law evaluation
6. Ancillary copyright law under discussion in Germany
7. Human rights orgs ask OECD to investigate surveillance companies
8. Big Brother Awards 2013 Bulgaria
9. ENDitorial: Licences for Europe and fight club... only one rule
10. Recommended Action: support your privacy rights
11. Recommended Reading
12. Agenda
13. About
=======================================================================
1. Copyright: challenges of the digital era
=======================================================================
EDRi has freshly launched a booklet that overviews the challenges that
copyright is facing in the digital environment.
For the past twelve years, the European Union has discussed how to
support, develop and protect creation in the digital environment. Two
months ago, the College of Commissioners recognised the necessity that
copyright "stays fit for purpose" in the digital economy.
Until now, the focus point has been on the enforcement of pre-existing
legislative norms not only within the rule of law but also through
private policing via internet service providers. However, despite all
these efforts, there is still a ubiquitous lack of respect for copyright.
The booklet looks at the reasons for this profound gap that has emerged
between citizens and the law. Following a brief introduction to the
logic behind granting monopoly rights, the booklet lists some reasons
that lead to difficulties in respecting copyright law, ranging from
excessive penalties for breaching the law to legally-protected
restrictions on citizens' rights to use digital products they paid for.
It then focuses on the impact of rigid and outdated copyright law on
legitimate businesses. Finally, it gives a glance at the wide range of
excessive enforcement measures that underline the deterioration of
copyright leading to unreasonable and wrongful practices.
In short, this booklet presents a simplified overview of the
difficulties facing public support for copyright. EDRi hopes that it
will have a positive impact on the current debate regarding the
necessity of reforming copyright law and adapting the current system to
the digital age, allowing the achievement of the digital single market,
removing existing barriers and giving citizens a better access to their
culture.
Copyright: challenges of the digital era (02.2013)
http://www.edri.org/files/paper07_copyright.pdf
Commission agrees way forward for modernising copyright in the digital
economy (5.12.2012)
http://europa.eu/rapid/press-release_MEMO-12-950_en.htm
Report from the Commission on the application of Directive 2004/48/EC
(22.12.2010)
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2010:0779:FIN:EN:…
(Contribution by Marie Humeau - EDRi)
=======================================================================
2. Most Internet users would use DNT settings if easily available
=======================================================================
According to a survey by IT service analysts Ovum, 68% of the Internet
users would use "do-not-track" (DNT) settings to restrict the use of
their personal data, if such a tool was "easily available".
Websites and third-parties, such as advertisers, may record Internet
users' behaviour in order to serve targeted, personalised ads. Such
user-specific data can be collected by several means, including the use
of cookies. The information thus stored can be passed on by operators to
advertisers for behavioural adverts, based on the users' activity and
declared interests.
Yet, lately, consumers have become more aware of the fact that their
personal information can be used as merchandise. Ovum's survey has shown
that only 14% of consumers believe Internet firms are honest about the
way they use their consumers' personal data. "Unfortunately, in the gold
rush that is big data, taking the supply of 'little data' - personal
data - for granted seems to be an accident waiting to happen," said Mark
Little, principal analyst at Ovum who added: "However, consumers are
being empowered with new tools and services to monitor, control, and
secure their personal data as never before, and it seems they
increasingly have the motivation to use them."
In Little's opinion, the Internet companies would have to change their
attitudes towards their customers. The operators should make privacy
tools available to consumers and use "a new set of messages to change
consumers' attitudes. These messages must be based on positive direct
relationships, engagement with consumers, and the provision of genuine
and trustworthy privacy controls." Although EU Commissioner Neelie Kroes
had previously asked for a new DNT standard to enable Internet users to
indicate their consent for the use of their personal data in a manner
that would comply with the EU's Privacy and Electronic Communications
Directive, last year she indicated that she would accept a DNT
standard that would only partially meet the requirements under the
Directive. Under the EU's amended Privacy and Electronic Communications
Directive, storing and accessing information on users' computers is only
lawful "on condition that the subscriber or user concerned has given his
or her consent, having been provided with clear and comprehensive
information ... about the purposes of the processing".
The World Wide Web Consortium (W3C) has been working on developing a new
DNT controls system which, in its opinion, should not be switched on by
default but require an explicit instruction to operate. Firefox has
already implemented it since 2011.
Microsoft, on the other hand, has developed its own DNT tool for its new
Internet Explorer 10 web browser. The DNT setting is automatically
activated and the users have to change the settings in case they wish to
let websites and advertising networks track their online activity. This
has obviously crossed advertising companies and the system does not
actually guarantee that all companies would respect it. Yahoo! for
instance, has stated that it would not "recognise IE10's default DNT
signal".
Google introduced the DNT standard in November 2012, with the launching
of its Chrome 23, but warned that the results could be variable. "The
effectiveness of such requests is dependent on how websites and services
respond, so Google is working with others on a common way to respond to
these requests in the future," wrote Google engineer Ami Fischman on the
company's blog.
Most consumers would activate do-not-track privacy settings if they were
'easily available', according to Ovum survey (6.02.2013)
http://www.out-law.com/en/articles/2013/february/most-consumers-would-activ…
The data black hole that could suck the life out of the internet economy
(8.02.2013)
http://www.zdnet.com/the-data-black-hole-that-could-suck-the-life-out-of-th…
Google's Chrome finally embraces Do Not Track, but with a warning
(7.11.2012)
http://www.zdnet.com/googles-chrome-finally-embraces-do-not-track-but-with-…
=======================================================================
3. US privacy groups believe US officials lobby to weaken EU privacy
=======================================================================
A coalition of 18 US privacy groups sent a letter on 30 January 2013 to
US politicians such as the Attorney General Eric Holder, Secretary
of State John Kerry and the Acting Secretary of Commerce Rebecca Blank,
asking for assurances that US policy makers in Europe "advance the aim
of privacy" and do not hinder the European data law proposals.
The European Union is considering the data protection regulation that
could give the citizens significant control over the use of their
personal data by websites and marketing companies. Several proposals
would require companies to obtain permission before collecting personal
data and specify exactly what information will be collected and how it
will be used.
One proposal refers to the so-called "right to be forgotten" that
obliges companies like Facebook to delete all information about users
who want to do that. The coalition shows concern over the fact that, as
the new EU Data Protection Regulation is under discussion and debate,
Members of the European Parliament (MEPs) have lately reported that US
policy makers are "mounting an unprecedented lobbying campaign to limit
the protections that European law would provide."
The privacy groups believe that U.S. policymakers, politicians and
bureaucrats are undermining the work of the European Parliament. "The
U.S. should not stand in the way of Europe's efforts to strengthen and
modernize its legal framework," the letter states. Jeff Chester,
Executive Director of the Center for Digital Democracy told ZDNet that
despite President Obama's pro-privacy speeches, his administration is
"working to protect the U.S. data lobby."
He added: "One of the U.S.' few growth areas is stealing other peoples
data. So, the U.S. is arguing that the EU should not enact strong
baselines rules requiring citizens to provide affirmative consent for
such critical uses as profiling, and adopt its weak industry friendly
approach based primarily on industry self-regulation."
EU Justice Commissioner Viviane Reding said in 2012 that the lobbying
effort had been "absolutely fierce" and unprecedented in scale.
On 3 February 2013, the head of a big pan-European industry group
revealed "intensifying pressure from U.S. lobbyists on behalf of
Google and Facebook," as reported by the Financial Times. Jacob
Kohnstamm, the chairman of the EU's Article 29 Working Party also said
European lawmakers were "fed up" of U.S. lobbying.
The letter of the coalition notes that updating the U.S. Electronic
Communications Privacy Act (ECPA), under which authorities need only a
subpoena approved by a federal prosecutor, rather than a judge, to
obtain electronically stored messages six months old or older, would be
a good start for the U.S. officials to bring the country in compliance
with international human rights standards.
The US lobby has shown its practical results after several newspapers
and websites have pointed out that MEPs in the EP's Internal Market and
Consumer Committee (IMCO) have included copy-paste amendments written by
Amazon, eBay or the American Chamber of Commerce (AmCham EU).
Privacy groups call on U.S. government to stop lobbying against EU data
law changes (4.02.2013)
http://www.zdnet.com/privacy-groups-call-on-u-s-government-to-stop-lobbying…
The E.U. could approve a new privacy policy later this year. Europe
Moves Ahead on Privacy (3.02.2013)
http://www.nytimes.com/2013/02/04/opinion/europe-moves-ahead-on-privacy-law…
Lobby groups take CTRL+V of data protection proposal (11.02.2013)
http://edri.org/lobbyplag-eudatap
LobbyPlag
http://www.lobbyplag.eu/
=======================================================================
4. Dutch government maintains private copying-exception for downloading
=======================================================================
The Dutch government announced that it wouldn't prohibit the
unauthorised downloading of copyrighted material.
It did so on 4 February 2013 in a letter to the Parliament, putting an
end to a heated debate that lasted for years. As a result, the
Netherlands remains one of the few countries in Europe where downloading
without permission of the rightsholders is allowed under the private
copying-exception. Dutch digital rights organisation Bits of Freedom
urged that this should be the first step in a long overdue modernisation
of the copyright system.
The Dutch government responded to a resolution by the Dutch Parliament
earlier this year. In this resolution, the Parliament called on the
government to maintain the application of the private copying-exception
to downloading. It did so after the government did not respond to a
similar resolution one year earlier, instead continuing its plans to
abolish the private copying-exception for downloading. Now, however, it
admitted defeat in the face of enduring opposition.
Bits of Freedom hopes that this decision paves the way for the
modernisation of the copyright system. Past political endeavours focused
on the criminalisation of sharing by individual internet users. This is
counterproductive and does not address the real challenge: ensuring that
knowledge and culture is shared as widely as possible while remunerating
rightsholders. The Dutch government should start together with the
Parliament exploring remuneration models which support this goal.
Letter of government to parliament (only in Dutch, 04.02.2013)
https://www.bof.nl/live/wp-content/uploads/briefTeeven040213.pdf
Resolution of Dutch parliament (only in Dutch, 11.12.2012)
https://www.bof.nl/2012/12/11/parlement-spreekt-zich-uit-tegen-downloadverb…
Blog Bits of Freedom: Download Prohibition finally buried (only in
Dutch, 05.02.2013)
https://www.bof.nl/2013/02/05/downloadverbod-eindelijk-begraven/
(Contribution by Ot van Daalen - EDRi member Bits of Freedom Netherlands)
=======================================================================
5. Denmark: Government postpones the data retention law evaluation
=======================================================================
In the coming months, the Danish Parliament will conduct an evaluation
and revision of the Danish data retention law which implements directive
2006/24/EC. The review process has been postponed twice on earlier
occasions (2010 and 2012), and the Danish government wants another
two-year extension, officially in order to coordinate with any changes
in the directive at the EU level.
The Danish law exceeds the requirements of the data retention directive
in several respects, especially as far as Internet logging is concerned.
The Danish law contains a requirement for session logging which includes
data about every Internet packet being transmitted.
Specifically, the following information must be retained: source and
destination IP address, source and destination port number, transmission
protocol (like TCP and UDP) and timestamps. The contents of the
Internet packets are not being logged, but the IP addresses will contain
information about visits to websites of political parties (that is, in
effect, registration of political preferences) and the online news
services that the citizen reads. Last year in the Danish Parliament,
there was considerable debate about the Danish over-implementation of
the data retention directive, in particular Internet session logging.
The Parliament instructed the Danish government to produce an evaluation
report with special focus on session logging. The Danish Ministry of
Justice published this report in December 2012.
The evaluation report contains detailed descriptions of nine police
cases where telephone logging was useful, or maybe even critical, to the
Danish police. These cases are taken from an earlier report submitted to
the EU Commission. All nine cases are about serious and violent crimes
such as murder, armed robbery and organized narcotics smuggling.
For Internet logging there are only three police cases. Moreover, one of
the three cases is really about telephone logging since location data
from a mobile device is used by the police. The location registration
just happens to be triggered by "data calls" from a smartphone. This
leaves two police cases to demonstrate the value of internet logging,
and only one case uses session logging. Both cases involve economic
crimes (fraud) on a relatively minor scale. There is a huge discrepancy
between the nature of the police cases involving telephone and Internet
logging.
The report confirms the EDRi member IT-Pol suspicion that Internet
logging, and especially Internet session logging, is rarely used by the
Danish police. Quite interestingly, the Ministry of Justice formally
states in their own evaluation report that session logging was
implemented in a way that made it useless for the police (the
implementation is according to the requirements of the law). Before
September 2007, the Danish Internet service providers repeatedly warned
the Ministry of Justice that session logging would be useless for the
police.
The Danish Ministry of Justice report (only in Danish, 12.2012)
http://www.ft.dk/samling/20121/lovforslag/l142/bilag/2/1213533.pdf
Danish government wants to postpone the evaluation of the data retention
law for the third time (12.02.2013)
http://www.itpol.dk/notater/Danish-data-retention-evaluation-Feb13
EDRi-gram: Key privacy concerns in Denmark 2007 (30.01.2008)
http://www.edri.org/edrigram/number6.2/privacy-denmark-2007
(Contribution by Jesper Lund, EDRi member IT-Pol Denmark)
=======================================================================
6. Ancillary copyright law under discussion in Germany
=======================================================================
The Judiciary Committee of the German Bundestag held on 30 January 2013
an expert hearing on the proposed "Leistungsschutzrecht" (LRS, known
also as "ancillary copyright") law for news publishers which will
require search engines and others to ask permission from news publishers
to link to their content or even to summarize news content.
The draft law was criticized by civil society groups as well as the
German association of Internet economy which pointed out the lack of
clarity of the terms used in the text and the negative effects that the
law may bring by restricting the diversity of information on the
internet. Moreover, the legislation is superfluous as publishers are
already protected by copyright provisions. If this bill is enacted
as-is, search engines would be allowed to display snippets only after
having received permission which may involve or not some payment to the
news publishers.
In some cases, a press publisher might pay a search engine to be
included in its searches. The important issue is that a search engine,
and maybe even social networks, will be obliged to ask permission to
provide snippets from a news publisher. The law has several unclear
areas. For instance, it is not clear whether blogs will be considered as
press products due to the vague definition of the term. The expert
hearing was not focused on technological expertise but rather
on how such a law might fit into the current legal framework.
A representative from the publishers' associations asked for a
technical language to express conditions such as temporal, topical or
size restrictions, payment requirements and other conditions but did not
succeed in presenting a proper way of how this could be implemented. All
experts in the hearing agreed the law would create a period (estimated
at about 5 years) of legal uncertainty, requiring a series of lawsuits
before realizing who will actually be within the sights of the LRS. This
uncertainty also applies when we talk about Facebook or Twitter. It is
not yet clear whether the law will cover only search engines such as
Google or it will extend to social networks. MP Siegfried Kauder of the
Christian Democrats party stated that in his opinion, after hearing the
experts, there seemed to be no reason for the promotion of the law, as
it appeared to be unlikely the law would help in actually producing new
income for news publishers.
In the meantime, in France, Google seems to give in under similar
pressure. Eric Schmidt, Executive Chairman of Google made a statement on
the company blog on 1 February 2013, in an attempt to point out that the
search engine had generated "billions of clicks each month" for news
publishers, "and our advertising solutions (in which we have
invested billions of dollars) help them make money from that traffic."
But Schmidt also stated that on the same date, he, together
with President Hollande of France, announced two new initiatives "to
help stimulate innovation and increase revenues for French publishers."
One was the creation of a 60 million euro Digital Publishing Innovation
Fund financed by Google "to help support transformative digital
publishing initiatives for French readers." The second initiative is to
increase the partnership with French publishers "to help increase their
online revenues using our advertising technology."
German Parliament Hears Experts On Proposed Law To Limit Search Engines
(31.01.2013)
http://searchengineland.com/german-leistungsschutzrecht-146826
Google creates €60m Digital Publishing Innovation Fund to support
transformative French digital publishing initiatives (1.02.2013)
http://googleblog.blogspot.co.uk/2013/02/google-creates-60m-digital-publish…
EDRi-gram: Ancillary copyright madness in Germany and France (26.09.2012)
http://www.edri.org/edrigram/number10.18/ancillary-copyright-proposal-madne…
=======================================================================
7. Human rights orgs ask OECD to investigate surveillance companies
=======================================================================
In the beginning of February 2013 several human rights organisations,
including Privacy International, the European Center for
Constitutional and Human Rights, the Bahrain Center for Human Rights,
Bahrain Watch and Reporters without Borders, filed formal complaints
against surveillance software firms Gamma International and Trovicor.
The OECD (Organisation for Economic Cooperation and Development)
National Contact Point (NCP) in the UK was asked to investigate Gamma
International regarding the company's potential complicity in serious
human rights abuses in Bahrain, and in Germany the complaint was
directed against Munich-based Trovicor.
In the opinion of the complainants, there are grounds to believe that
the surveillance products and services provided by the two companies
have led to human rights abuses in Bahrain, including arbitrary
detention and torture, violations of the right to privacy, freedom of
expression and freedom of association. It appears that the information
gathered from intercepted phone and internet communications has been
used to detain and torture bloggers, political dissidents and activists
and to extract confessions from them. If the investigation concludes
that the complaints have a real basis, the companies are likely to be
found in breach of the OECD Guidelines for Multinational Enterprises
which sets out principles and standards for responsible business conduct.
"The failure of governments to properly control exports of surveillance
technology has left companies like Gamma and Trovicor regulated
exclusively by their own moral compasses. Unfortunately, these compasses
seem to have malfunctioned and directed companies towards some of the
most dangerous and repressive regimes in the world. We very much hope
the OECD process will persuade Gamma and Trovicor to take a long hard
look at their current and future clients, and to think carefully about
the role their products play in the targeting and torture of activists
and the suppression of pro-democracy voices," stated Eric King, Head of
Research at Privacy International.
Miriam Saage-Maaß, Vice Legal Director at ECCHR, said: "By maintaining
permanent business relations with the state of Bahrain and maintaining
their surveillance software, both companies have accepted the risk that
they may be accused of abetting torture and other grave human rights
violations. If true, such actions would amount to a violation of the
OECD Guidelines."
These are not the only companies involved in providing surveillance
equipment to countries where freedom of expression is oppressed. Many
suppliers, besides the two companies in question, such as Nokia Siemens
Networks, Hacking Team and Bull / Amesys have supplied equipment to
Libya, Egypt, Syria, Bahrain, Morocco and many more countries that have
violated human rights during the last years.
Human rights organisations filed formal complaints with the OECD against
surveillance companies (4.02.2013)
http://en.rsf.org/bahrein-human-rights-organisations-file-04-02-2013,44016.…
Briefing note on OECD Complaints against Gamma International and
Trovicor in the UK and Germany (02.2013)
http://www.statewatch.org/news/2013/feb/oecd-complaint.pdf
Human rights organisations file formal complaints against surveillance
firms Gamma International and Trovicor with British and German
governments (3.02.2013)
https://www.privacyinternational.org/press-releases/human-rights-organisati…
EDRi-gram: Export Controls for Digital Weapons (19.12.2013)
http://edri.org/edrigram/number10.24/export-controls-digital-weapons
EDRi-gram: German government intends to use FinFisher Spyware (30.01.2013)
http://edri.org/edrigram/number11.2/germany-finfisher-spyware
=======================================================================
8. Big Brother Awards 2013 Bulgaria
=======================================================================
EDRi member ISOC Bulgaria and the Access to Information Program organized
the Big Brother Awards for 2012. This year the "winners" are the Council of
Ministers of the Republic of Bulgaria - for lack of action in changing the
way special investigative resources (wiretapping) are being used with
regards to data traffic, which should ensure high protection of privacy.
For private companies, the "winner" is Toplofikatsia (Central Heating) for
collecting and processing private data of its customers.
The BBA awards have been given in Bulgaria since 2003, and usually the
worst governmental institution to deal with privacy is either the Council
of Ministers, or the Ministry of Interior. Among private company winners
have been also mobile operators, advertising companies and power
distributing companies.
Details about the Bulgarian Big Brother Awards 2013 (only in Bulgarian,
28.01.2013)
http://bg.bigbrotherawards.org
(Contribution by Veni Markovski - EDRi member ISOC Bulgaria)
=======================================================================
9. ENDitorial: Licences for Europe and fight club... only one rule
=======================================================================
There was a moment in November 2012 when even the most cynical observers
of the European Commission were hopeful of an effective reform of
copyright. Commissioner Barnier gave a speech where he demonstrated that
he understood the problems. He explained that "the digital revolution
has not yet lived up to expectations in the European context" and
described some barriers to cross-border access to content as
illegitimate. Finally, the problems had been identified. And recognising
a problem is a first step to solving it.
Then, in December 2012, the Commission was even more explicit. It
explained that the following would be addressed: territoriality in the
Internal Market; harmonisation, limitations and exceptions to copyright
in the digital age; fragmentation of the EU copyright market; and how to
improve effectiveness and efficiency of enforcement while underpinning
its legitimacy in the wider context of copyright reform.
So far, all that has actually happened is the launch of the Commission's
"licences for Europe" initiative. Or rather, the Commission's launched
industry's initiative... or... well, whoever it is that owns it, was
launched. The last line of Commissioner Barnier's speech at the opening
event was very telling. "The ball is in your court," he said. He didn't
explain who "you" are - the overwhelming majority of participants
(industry lobbyists), the tiny minority of civil society... or society
in general?
Actually, we know that "you" is not society in general. The first rule
of fight club ..."licences for Europe" is... you do not talk about
"licences for Europe". No web streaming of the working groups, "Chatham
House Rules" that forbid the attribution of statements to particular
participants or their organisations. The public at large is kept firmly
outside of the process. After the lack of transparency that helped bring
down ACTA, we now have closed doors and "Chatham House Rules" for
"licences for Europe". And no problem definition for the working groups
to work on.
Barnier's subsequent comment that "it is incomprehensible that Europeans
are coming up against obstacles online which they have been dismantling
in the physical world for more than 50 years," hovers somewhere between
tragedy and comedy. This statement comes from a Commissioner who
inherited a demonstrably failed 2001 Copyright Directive but has not
acted to fix it. This is the Commissioner that inherited a demonstrably
failed 2004 IPR Enforcement Directive, but has not acted to fix it.
After four years of inaction on licensing and four years of inaction on
exceptions and limitations to copyright, Commissioner Barnier demanded
action... by everyone in the room except himself, to "meet together to
find fast, specific solutions to problems arising in the here and now".
Fast? Faster than what?
So, what now? Well, we will have months of working group meetings,
carefully shielded from the public by the opaque walls of the European
Commission, bringing us closer and closer to the end of this
legislature, at which time Commissioner Barnier can hand over the
dossier to the next incumbent of the "Internal Market" portfolio.
Instead of less red tape and fewer licences, licences "for" Europe are
likely to generate new barriers and new bureaucracy.
For example, one of the working groups is on "user-generated content".
User-generated content is... well... how can this be explained...? It is
user-generated and should not require licensing. Obviously? In many
European countries, users can generate content that avails of exceptions
to copyright for parody/pastiche, for incidental use, uses of minor
importance etc., without licences. However, none of these exceptions are
mandatory, so there is a lack of harmonisation across Europe caused by a
European Directive which the Commission has no obvious intention of
resolving. So, if harmonisation is not possible by the removal of
licensing obligations in those countries which don't have appropriate
exceptions... what will the "working group" be "working" on? Adding
voluntary "licensing" to remove rights that citizens currently have?
The speech from Commissioner Kroes was not much more inspiring. She said
that she was not "too keen on heavy-handed legislative measures. They
aren't always needed." This is true. The question is: when you've
already got heavy-handed legislative measures that are not fit for
purpose - do you repeal or reform them, or do you farm the problem out
to an ad hoc collection of industry lobbyists in order to make it seem
that the problem is being solved?
It normally takes at least 9-12 months for the European Parliament to
adopt a legislative text. The next elections are in 15 months. Is there
no hope for a real reform in the next two years?
Licenses for Europe
https://ec.europa.eu/licences-for-europe-dialogue/en
Commissioner Kroes speech: Digital technology and copyright can fit
together (4.02.2013)
http://europa.eu/rapid/press-release_SPEECH-13-96_en.htm
Commissioner Barnier speech: Making European copyright fit for purpose
in the age of internet (7.11.2012)
http://europa.eu/rapid/press-release_SPEECH-12-785_en.htm
Commissioner Barnier speech: Licences for Europe: quality content and
new opportunities for all Europeans in the digital era (4.02.2013)
http://europa.eu/rapid/press-release_SPEECH-13-97_en.htm
(Contribution by Joe McNamee - EDRi)
=======================================================================
10. Recommended Action: support your privacy rights
=======================================================================
EDRi together with other civil rights and data protection organisations
launched on 5 February 2013 the European campaign portal
Privacycampaign.eu in support of better protection for European
citizens' rights to privacy and data protection.
"This is our one opportunity to develop a strong legal framework,
building trust and removing unnecessary red tape for business. We need a
framework that is guided by clear, predictable legal principles and
strong enforcement. Instead, we have an unprecedented wave of
ill-informed, ill-advised and destructive corporate lobbying. Democracy
needs to be injected back into this debate in order to protect the
rights of European citizens" says Joe McNamee, Executive Director of
European Digital Rights.
The joint campaign launched by European Digital Rights (representing 32
organisations), Privacy International, The Julia Group, La Quadrature du
Net and Access aims at creating a counterweight to the massive lobbying
by the US government, trade associations and big internet business on
the data protection reform.
The organisations believe that without a successful reform of the data
protection framework European citizens will be left with a series of
legal loopholes and a range of unpredictable enforcement gaps where
nobody, neither citizens nor business, knows what law will be enforced.
The action of the European citizens is even more needed after the recent
news that proves that MEPs in the Internal Market and Consumer Committee
(IMCO) have adopted amendments written by Amazon, eBay or the American
Chamber of Commerce (AmCham EU) - to the detriment of European citizens
and their fundamental rights to privacy and data protection.
Privacy Campaign - European Campaign Portal for the Data Protection Reform
http://www.privacycampaign.eu/
Lobby groups take CTRL+V of data protection proposal (11.02.2013)
http://edri.org/lobbyplag-eudatap
LobbyPlag
http://www.lobbyplag.eu/
=======================================================================
11. Recommended Reading
=======================================================================
EU: Protection of human rights in the EU "rarely a priority", says
Human Rights Watch (02.2013)
http://www.statewatch.org/news/2013/feb/03hrw-eu-report.htm
EU cyber security directive considered harmful (8.02.2013)
http://www.lightbluetouchpaper.org/2013/02/08/eu-cyber-security-directive-c…
=======================================================================
12. Agenda
=======================================================================
14-15 February 2013, Vienna, Austria
Internet 2013 - Shaping policies to advance media freedom
http://www.osce.org/event/internet2013
21-22 February 2013, Washington DC, USA
Intellectual Property and Human Rights Conference and Roundtable Discussion
Webcasted live and archived
http://www.wcl.american.edu/pijip/go/blog-post/intellectual-property-and-hu…
22 February 2013, Warsaw, Poland
ePSIplatform Conference: "Gotcha! Getting everyone on board"
http://epsiplatform.eu/content/save-date-22-february-2013-epsiplatform-conf…
21-22 March 2013, Malta
Online Privacy: Consenting to your Future
http://www.onlineprivacyconference.eu/
6-8 May 2013, Berlin, Germany
re:publica 2013
http://re-publica.de/en/
20-21 June 2013, Lisbon, Portugal
EuroDIG 2013
http://www.eurodig.org/
25-26 June 2013, Barcelona, Spain
9th International Conference on Internet Law & Politics: Big Data:
Challenges and Opportunities.
http://edcp.uoc.edu/symposia/idp2013/?lang=en
25-26 June 2013, Washington, DC, USA
23rd Computers, Freedom and Privacy Conference (CFP)
CfP by 1 March 2013
http://www.cfp.org/2013
31 July - 4 August 2013, Geestmerambacht, Netherlands
Observe. Hack. Make. - OHM2013
CfP by 1 March 2013
https://ohm2013.org/
23-26 September 2013, Warsaw, Poland
Public Voice Conference 2013
35th International Data Protection and Privacy Commissioners conference
http://www.giodo.gov.pl/259/id_art/762/j/en/
============================================================
13. About
============================================================
EDRi-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRi has 32 members based or with offices in 20 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge
and awareness through the EDRi-gram.
All contributions, suggestions for content, corrections or agenda-tips
are most welcome. Errors are corrected as soon as possible and are
visible on the EDRi website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRi and its members:
http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in
the EU. If you wish to help us promote digital rights, please consider
making a private donation.
http://www.edri.org/about/sponsoring
http://flattr.com/thing/417077/edri-on-Flattr
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay.
Translations are provided by Metamorphosis
http://www.metamorphosis.org.mk/mk/vesti/edri
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are
provided by Andreas Krisch from the EDRI-member VIBE!AT - Austrian
Association for Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing
or unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Another update:
We need a source in New York City for Proxim microwave point to point
equipment. We are setting up a long-shot data link to bridge a several mile
gap between the mesh and the uplink to the global Net. Please spread this
around.
---
The Doctor [412/724/301/703][ZS]
https://drwho.virtadpt.net/
Sent from a Global Frequency satphone.
--
--
Zero State mailing list:
http://groups.google.com/group/DoctrineZero
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE